mathieu-benoit / myakscluster

How to set up a secure Kubernetes cluster on Azure

Home Page: http://alwaysupalwayson.com/private-aks-and-acr/

Managed Identity

mathieu-benoit opened this issue · comments

Leveraging Managed Identity with AKS instead of Service Principal is more secure for 2 main reasons:

  • The credentials file is no longer stored on any AKS nodes (/host/etc/kubernetes/azure.json)
  • MI will wrap and manage the credentials (auto-rotate, when expired, etc.) for you

There is currently an issue: Azure/azure-cli#12864